
1.3. How to configure file sharing in Windows XP

Summary

With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface (UI) named Simple File Sharing and a new Shared Documents feature. This article describes the new file sharing UI and discusses the following topics:
Windows XP Home Edition-based computers always have Simple File Sharing enabled.

Introduction

On a Windows XP-based computer, you can share files among both local and remote users. Local users log on to your computer directly through their own accounts or through a Guest account. Remote users connect to your computer over the network and access the files that are shared on your computer.

You can access the Simple File Sharing UI by viewing a folder's properties. Through the Simple File Sharing UI, you can configure both share and NTFS file system permissions at the folder level. These permissions apply to the folder, all the files in that folder, subfolders, and all the files in the subfolders. Files and folders that are created in or copied to a folder inherit the permissions that are defined for their parent folder. This article describes how to configure access to your files, depending on permission levels. Some information that this article contains about these permission levels is not documented in the operating system files or in the Help file.

Turning on and turning off Simple File Sharing

Simple File Sharing is always turned on in Windows XP Home Edition-based computers. By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder's properties), both share and file permissions are configured.

If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off. 

To turn Simple File Sharing on or off in Windows XP Professional, follow these steps:
  1. Double-click My Computer on the desktop.
  2. On the Tools menu, click Folder Options.
  3. Click the View tab, and then select the Use Simple File Sharing (Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.)

Managing levels of access to shares and to files

You can use Simple File Sharing to configure five levels of access to shares and files:
  • Level 1: My Documents (Private)
  • Level 2: My Documents (Default)
  • Level 3: Files in shared documents available to local users
  • Level 4: Shared Files on the Network (Readable by Everyone)
  • Level 5: Shared Files on the Network (Readable and Writable by Everyone)
Notes
  • By default, files that are stored in "My Documents" are at Level 2.
  • Levels 1, 2, and 3 folders are available only to a user who is logging on locally. Users who log on locally include a user who logs on to a Windows XP Professional-based computer from a Remote Desktop (RDP) session.
  • Levels 4 and 5 folders are available to users who log on locally and remote users from the network.
The following table describes the permissions:
| Access Level | Everyone (NTFS/File) | Owner | System | Administrators | Everyone (Share) |
|---|---|---|---|---|---|
| Level 1 | Not available | Full Control | Full Control | Not available | Not available |
| Level 2 | Not available | Full Control | Full Control | Full Control | Not available |
| Level 3 | Read | Full Control | Full Control | Full Control | Not available |
| Level 4 | Read | Full Control | Full Control | Full Control | Read |
| Level 5 | Change | Full Control | Full Control | Full Control | Full Control |

Level 1: My Documents (Private)

The owner of the file or folder has read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. All subfolders that are contained in a folder that is marked as private remain private unless you change the parent folder permissions. 

If you are a Computer Administrator and create a user password for your account by using the User Accounts Control Panel tool, you are prompted to make your files and folder private. 

Note The option to make a folder private (Level 1) is available only to a user account in its own My Documents folder. 

To configure a folder and all the files in it to Level 1, follow these steps:
  1. Right-click the folder, and then click Sharing and Security.
  2. Select the Make this Folder Private check box, and then click OK.
Local NTFS Permissions:
  • Owner: Full Control
  • System: Full Control
Network Share Permissions:
  • Not Shared

Level 2 (Default): My Documents (Default)

The owner of the file or folder and local Computer Administrators have read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. This is the default setting for all the folders and files in each user's My Documents folder.

To configure a folder and all the files in it to Level 2, follow these steps:
  1. Right-click the folder, and then click Sharing and Security.
  2. Make sure that both the Make this Folder Private and the Share this folder on the network check boxes are cleared, and then click OK.
Local NTFS Permissions:
  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control
Network Share Permissions:
  • Not Shared

Level 3: Files in shared documents available to local users

Files are shared with users who log on to the computer locally. Local Computer Administrators can read, write, and delete the files in the Shared Documents folder. Restricted Users can only read the files in the Shared Documents folder. In Windows XP Professional, Power Users may also read, write, or delete any files in the Shared Documents Folder. The Power Users group is available only in Windows XP Professional. Remote users cannot access folders or files at Level 3. To allow remote users to access files, you must share them out on the network (Level 4 or 5).

To configure a file or a folder and all the files in it to Level 3, start Microsoft Windows Explorer, and then copy or move the file or folder to the Shared Documents folder under My Computer. 

Local NTFS Permissions:
  • Owner: Full Control
  • Administrators: Full Control
  • Power Users: Change
  • Restricted Users: Read
  • System: Full Control
Network Share Permissions:
  • Not Shared

Level 4: Shared on the Network (Read-Only)

Files are shared for everyone to read on the network. All local users, including the Guest account, can read the files, but they cannot modify the contents. Any user can read and change your files.

To configure a folder and all the files in it to Level 4, follow these steps:
  1. Right-click the folder, and then click Sharing and Security.
  2. Click to select the Share this folder on the network check box.
  3. Click to clear the Allow network users to change my files check box, and then click OK.
Local NTFS Permissions:
  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control
  • Everyone: Read
Network Share Permissions:
  • Everyone: Read

Level 5: Shared on the network (Read and Write)

This level is the most available and least secure access level. Any user (local or remote) can read, write, change, or delete a file in a folder shared at this access level. We recommend that this level be used only for a closed network that has a firewall configured. All local users including the Guest account can also read and modify the files.

To configure a folder and all the files in it to Level 5, follow these steps:
  1. Right-click the folder, and then click Sharing and Security.
  2. Click to select the Share this folder on the network check box, and then click OK.
Local NTFS Permissions:
  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control
  • Everyone: Change
Network Share Permissions:
  • Everyone: Full Control
Note All NTFS permissions that refer to Everyone include the Guest account. 

All the levels that this article describes are mutually exclusive. Private folders (Level 1) cannot be shared unless they are no longer private. Shared folders (Level 4 and 5) cannot be made private until they are unshared. 

If you create a folder in the Shared Documents folder (Level 3), share it on the network, and then allow network users to change your files (Level 5), the permissions for Level 5 are effective for the folder, the files in that folder, and the subfolders. The other files and folders in the Shared Documents folder remain configured at Level 3. 

Note The only exception is if you have a folder (SampleSubFolder) that is shared at Level 4 inside a folder (SampleFolder) that is shared at Level 5. Remote users have the correct access level to each shared folder. Locally logged-on users have writable (Level 5) permissions to the parent (SampleFolder) and child (SampleSubFolder) folders.

Guidelines

We recommend that you only share folders on the network that remote users on other computers must access. We recommend that you do not share the root of the system drive. When you do this, your computer is more vulnerable to malicious remote users. The Sharing tab of the drive's Properties dialog box contains a warning when you try to share a root folder (for example, C:\). To continue, you must click the If you understand the risk but still want to share the root of the drive, click here link. Only computer administrators can share the root of the drive.

Files on a read-only device such as a CD-ROM shared at Level 4 or 5 are available only if the CD-ROM is in the CD drive. Any CD-ROM that is in the CD drive is available to all users on the network. 

A file's permission may differ from the parent folder if one of the following conditions is true:
  • You use the move command at a command prompt to move a file into the folder from a folder on the same drive that has different permissions.
  • You use a script to move the file into the folder from a folder on the same drive that has different permissions.
  • You run Cacls.exe at a command prompt or a script to change file permissions.
  • Files existed on the hard disk before you installed Windows XP.
  • You changed a file's permissions while Simple File Sharing was turned off on Windows XP Professional.
Note NTFS permissions are not maintained on file move operations when you use Windows Explorer with Simple File Sharing turned on. 

If you turn on and turn off Simple File Sharing, the permissions on files are not changed. The NTFS and share permissions do not change until you change the permissions in the interface. If you set the permissions with Simple File Sharing enabled, only Access Control Entries (ACEs) on files that are used for Simple File Sharing are affected. The following ACEs in the Discretionary Access Control List (DACL) of the files or folders are affected by the Simple File Sharing interface:
  • Owner
  • Administrators
  • Everyone
  • System
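
The following Python example is added here and is not part of the original article or Microsoft's code. It parses saved Cacls.exe output, maps a folder's ACEs plus its share permission to the five levels in the table above, and lists files whose Administrators, Everyone or System ACEs differ from the parent folder's (for example, after a move at the command prompt). The sample output, the PC\alice account and all function names are constructed for illustration; the share permission is passed in by hand because Cacls.exe reports only NTFS permissions.

```python
import re

# One ACE as printed by cacls.exe, e.g. "BUILTIN\Administrators:(OI)(CI)F"
ACE_RE = re.compile(r"^(?P<account>.+?):(?:\([A-Z]+\))*(?P<right>[FCRWN])$")
TRACKED = ("EVERYONE", "ADMINISTRATORS", "SYSTEM")  # the owner's account name varies
# (Everyone NTFS, Administrators NTFS, Everyone share) -> level, from the table
LEVELS = {(None, None, None): 1, (None, "F", None): 2, ("R", "F", None): 3,
          ("R", "F", "Read"): 4, ("C", "F", "Full Control"): 5}

def parse_cacls(text):
    """Return {path: {ACCOUNT: right letter}} from saved cacls.exe output."""
    acls = {}
    for block in filter(str.strip, re.split(r"\n\s*\n", text.strip("\n"))):
        lines = [ln.rstrip() for ln in block.splitlines() if ln.strip()]
        if len(lines) > 1:   # continuation lines are indented to the ACE column
            col = len(lines[1]) - len(lines[1].lstrip())
        else:                # single ACE: heuristic, split at last space before ':'
            col = lines[0].rfind(" ", 0, lines[0].rfind(":")) + 1
        aces = {}
        for ace in [lines[0][col:]] + [ln.strip() for ln in lines[1:]]:
            m = ACE_RE.match(ace)
            if m:            # drop the domain part: "NT AUTHORITY\SYSTEM" -> "SYSTEM"
                aces[m["account"].split("\\")[-1].upper()] = m["right"]
        acls[lines[0][:col].rstrip()] = aces
    return acls

def classify(aces, share_everyone=None):
    """Level 1-5, or None; share_everyone is None, "Read" or "Full Control"."""
    key = (aces.get("EVERYONE"), aces.get("ADMINISTRATORS"), share_everyone)
    return LEVELS.get(key) if aces.get("SYSTEM") == "F" else None

def differs_from_parent(acls, parent):
    """Paths below `parent` whose tracked ACEs differ from the parent folder's."""
    want = [acls[parent].get(k) for k in TRACKED]
    return [p for p, a in acls.items() if p.lower().startswith(parent.lower() + "\\")
            and [a.get(k) for k in TRACKED] != want]

# Constructed sample: a Level 4 folder; moved.xls kept a private (Level 1) ACL
SAMPLE = r"""
C:\Shared BUILTIN\Administrators:(OI)(CI)F
          NT AUTHORITY\SYSTEM:(OI)(CI)F
          PC\alice:(OI)(CI)F
          Everyone:(OI)(CI)R

C:\Shared\moved.xls NT AUTHORITY\SYSTEM:F
                    PC\alice:F
"""

if __name__ == "__main__":
    print(differs_from_parent(parse_cacls(SAMPLE), r"C:\Shared"))
```

A folder that returns None from classify carries ACEs that match none of the five levels, which is the case the article describes for permissions changed with Cacls.exe or while Simple File Sharing was turned off.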

